Back Orifice 2000

Back Orifice 2000

Screenshot of BO2k client
Developer(s)	Dildog(cDc) (original code) BO2k Development Team (current maintenance)
Stable release	1.1.6 (Windows), 0.1.5 pre1 (Linux) / March 21, 2007
Operating system	Microsoft Windows, Linux(client only)
Type	Remote administration
License	GPL

Back Orifice 2000(often shortened toBO2k) is acomputer programdesigned forremote system administration.It enables a user to control a computer running theMicrosoft Windowsoperating system from a remote location. The name is a pun onMicrosoft BackOffice Serversoftware.

BO2k debuted on July 10, 1999, atDEF CON7, a computer security convention in Las Vegas, Nevada. It was originally written byDildog,a member of US hacker groupCult of the Dead Cow.It was a successor to the cDc'sBack Orificeremote administration tool, released the previous year. As of 2007^[update],BO2k was being actively developed.

Whereas the original Back Orifice was limited to theWindows 95andWindows 98operating systems, BO2k also supportsWindows NT,Windows 2000andWindows XP.Some BO2k client functionality has also been implemented forLinuxsystems. In addition, BO2k was released asfree software,which allows one toportit to other operating systems.

BO2k has apluginarchitecture. The optional plugins include:

• communication encryption withAES,Serpent,CAST-256,IDEAorBlowfishencryption algorithms
• network address altering notification byemailandCGI
• total remote file control
• remoteWindows registryediting
• watching at the desktop remotely by streaming video
• remote control of both the keyboard and the mouse
• a chat, allowing administrator to discuss with users
• option to hide things from system (rootkitbehavior, based onFU Rootkit)
• accessing systems hidden by a firewall (the administrated system can form a connection outward to the administrator's computer. Optionally, to escape even more connection problems, the communication can be done by a web browser the user uses to surf the web.)
• forming connection chains through a number of administrated systems
• client-less remote administration overIRC
• on-line keypress recording

Back Orifice and Back Orifice 2000 are widely regarded asmalware,tools intended to be used as a combinedrootkitandbackdoor.For example, at present manyantivirus softwarepackages identify them asTrojan horses.^{[1][2][3][4][5]}This classification is justified by the fact that BO2k can be installed by a Trojan horse, in cases where it is used by an unauthorized user, unbeknownst to the system administrator.

There are several reasons for this, including: the association with cDc; the tone of the initial product launch at DEF CON^[6](including that the first distribution of BO2k by cDc was infected by theCIHvirus^[7]); the existence of tools (such as "Silk Rope"^[8]) designed to add BO2kdroppercapability to self-propagating malware; and the fact that it has actually widely been used for malicious purposes.^[9][10][11]The most common criticism is that BO2k installs and operates silently, without warning a logged-on user that remote administration or surveillance is taking place.^[12]According to the official BO2k documentation, the person running the BO2k server is not supposed to know that it is running on their computer.^[13]

BO2k developers counter these concerns in theirNote on Product Legitimacy and Security,pointing out—among other things—that some remote administration tools widely recognized as legitimate also have options for silent installation and operation.^[14]

• Sub7
• MiniPanzer and MegaPanzer
• File binder

• BO2K teaser #1onYouTube
• BO2K teaser #2on YouTube
• DEF CON 7 - Reznor - Cult of the Dead Cow - BO2K!on YouTube
• BO2K Presentation Behind-the-Sceneson YouTube